forma

Architecture

FORMA is a two-plane architecture separating control from execution. The control plane manages intent, governance, observability, and decisions. The execution plane runs Material computation under bounded physical constraints. This separation ensures that governance is structural, not advisory.

Two-plane separation

Every component in the Matterforma stack belongs to one of two planes. The control plane runs on conventional cloud infrastructure (AWS EKS). The execution plane operates in Material environments where physical computation occurs. The planes communicate through governed interfaces — there is no direct path from user intent to physical execution.

control plane

FORMA

Manages the full lifecycle from authoring through governance to observation. Runs as a set of microservices on Kubernetes. Handles identity, policy evaluation, artifact storage, signal processing, audit logging, and agent orchestration.

  • Authoring, compilation, and Material Twin modeling
  • Governance policy evaluation and approval workflows
  • Scheduling, orchestration, and pool management
  • Signal capture, comparison, and judgment routing
  • Audit ledger and provenance storage
  • AI agent orchestration (BERNIE)

execution plane

Material

Execution environments where Material computation actually occurs. Runs are scheduled into Material Cloud pools — capacity-managed environments that enforce physical resource boundaries. Once execution begins, Material behaves according to chemistry and physics, not software signals.

  • Material Cloud execution pools
  • Profile-bound resource enforcement
  • Physical substrate execution
  • Signal emission to SEL
  • Energy and cost metering
  • Isolation and containment boundaries

Service architecture

The FORMA control plane is composed of 16 microservices, each with a single responsibility. Services communicate through the API gateway and the Signal Event Layer. There are no hidden inter-service dependencies or back-channel calls.

core services

API ingress and routing

Gateway

Unified API entry point. Authenticates requests, routes to services, enforces rate limits, and attaches Observable Experience (OX) attribution to every response.

Authentication and authorization

Identity

Manages user accounts, API keys, organization membership, and role-based access control. Every action in the system is attributable to an authenticated identity.

Artifact production

Compiler

Compiles .matr source into Molebyte artifacts. Deterministic: the same source always produces the same artifact. Content-addressed for immutable identity.

Execution scheduling

MFCore (Runtime)

The runtime scheduler. Maps approved run requests to Material Cloud execution pools. Manages pool capacity, profile validation, and execution lifecycle.

Policy evaluation

Governance Engine

Evaluates every run request against consequence tiers, compute tiers, approval requirements, and cost ceilings. Returns an explicit allow or deny with reasoning.

Immutable record

Audit Ledger

Stores every governance decision, execution event, signal, and provenance record as an immutable, append-only ledger. The system of record for compliance and reproducibility.

Observability and monitoring

Observe

Aggregates system health, service metrics, and execution telemetry. Provides operational visibility into the control plane and execution pools.

Real-time event mesh

SEL (Signal Event Layer)

Captures, routes, and structures signals emitted by execution environments. Provides system-wide event observability and feeds the comparison and judgment pipeline.

AI intelligence layer

BERNIE

Five intelligence layers plus a deterministic Governor. Assists with artifact generation, signal interpretation, and routing decisions. Never autonomously executes high-consequence operations.

Workload scheduling

Scheduler

Manages execution queue priority, pool allocation, and timing constraints. Coordinates with MFCore to match workloads to available capacity.

Artifact and secret storage

Vault

Manages Molebyte artifact storage, version graphs, and sensitive configuration. Content-addressed storage ensures artifact integrity and deduplication.

Digital twin simulation

Material Twin

Models Matter inside Material constraints — substrate classes, environmental conditions, thermodynamic limits, and failure modes. Produces baseline distributions, timing profiles, and resource estimates used by governance and comparison.

Observable Experience (OX)

Every API response in FORMA includes decision attribution. OX is not a logging feature — it is a structural property of the architecture. When you receive a response from FORMA, you can trace exactly why that decision was made: which policy was evaluated, which governance tier applied, what Material Twin evidence was considered, and who or what approved the action.

Decision attribution

Every response carries metadata identifying the policy, identity, and governance context that produced the decision. No black boxes.

Trace lineage

From any signal or execution outcome, follow the provenance chain back to the exact artifact version, approval, and profile that produced it.

Audit readiness

OX attribution plus the Audit Ledger means that any decision made by the platform is explainable and reproducible after the fact.

Data flow

Data moves through the architecture in a single direction: from intent through governance to execution and back through observation. There are no ungoverned shortcuts.

  • Client: Console / API / Agent
  • Gateway: Auth + OX + Rate limit
  • Services: Compile / Material Twin / Govern
  • MFCore: Schedule + Pool assign
  • Execution: Material Cloud pools
  • SEL: Signals + Observe + Audit

Request flow: Client → Gateway → Service layer → MFCore → Execution pool → SEL → Audit Ledger

BERNIE: AI within governance

BERNIE is the AI intelligence layer embedded in the FORMA architecture. It is not a standalone system — it operates under the same governance model as every other component. BERNIE has five intelligence layers that handle progressively more complex tasks, and a deterministic Governor that enforces policy compliance on every AI-generated action.

intelligence layers

Five layers of capability

Each layer handles a different class of task, from basic classification through complex reasoning and artifact generation. Higher layers can propose more sophisticated actions, but every proposed action passes through the Governor before execution.

deterministic governor

Policy compliance guarantee

The Governor is deterministic, not probabilistic. It evaluates every BERNIE-proposed action against the current governance context and produces an allow, deny, or escalate decision. This ensures that AI assistance never circumvents governance boundaries.
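A sketch of what a deterministic allow / deny / escalate evaluation can look like, added here as an illustration and not taken from FORMA's own code. The tier names, field names, limits, and the rule that self-approval does not count are all assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ESCALATE = "escalate"

# Hypothetical policy table: tier names and limits are constructed for this example.
POLICY = {
    "low":  {"cost_ceiling": 100.0,  "approvals_required": 0},
    "high": {"cost_ceiling": 1000.0, "approvals_required": 2},
}

@dataclass(frozen=True)
class ProposedAction:
    actor: str             # authenticated identity (human or agent)
    artifact_digest: str   # content address of the artifact to run
    consequence_tier: str
    estimated_cost: float
    approvals: tuple = ()  # identities that have approved this action

def _result(decision, action, reasons):
    # Attribution travels with the decision so the caller can trace why it was made.
    return {"decision": decision.value, "actor": action.actor,
            "tier": action.consequence_tier, "reasons": reasons}

def evaluate(action, policy=POLICY):
    """Pure function of (action, policy): the same inputs always give the same decision."""
    rule = policy.get(action.consequence_tier)
    if rule is None:
        # Fail closed on anything the policy does not name.
        return _result(Decision.DENY, action, ["unknown consequence tier"])
    if action.estimated_cost > rule["cost_ceiling"]:
        return _result(Decision.DENY, action,
                       [f"estimated cost exceeds ceiling {rule['cost_ceiling']}"])
    # The proposer cannot approve its own action; duplicate approvers collapse.
    valid = set(action.approvals) - {action.actor}
    missing = rule["approvals_required"] - len(valid)
    if missing > 0:
        return _result(Decision.ESCALATE, action,
                       [f"{missing} more approval(s) required"])
    return _result(Decision.ALLOW, action,
                   ["within cost ceiling and approval requirements"])
```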

Infrastructure

The FORMA control plane runs on AWS EKS with infrastructure managed through Terraform and deployed via CI/CD pipelines. The architecture is designed for operational maturity: health checks, graceful degradation, independent scaling per service, and zero-downtime deployments.

Kubernetes on EKS

16 microservices deployed as independent pods. Each service scales independently based on load. No single point of failure in the service mesh.

Event-driven coordination

The Signal Event Layer provides system-wide event observability. Services communicate through structured events, not direct RPC calls, reducing coupling and improving resilience.

Immutable audit infrastructure

The Audit Ledger is append-only. Governance decisions, execution events, and provenance records cannot be modified or deleted after creation.
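The content addressing described for the Compiler and Vault and the append-only property described for the Audit Ledger can both be checked mechanically. The following is an added example, not FORMA's implementation: it assumes SHA-256 addresses and a hash-chained ledger, which is one common way to make an append-only log tamper-evident, and the record fields are hypothetical.

```python
import hashlib
import hmac
import json

def content_address(artifact: bytes) -> str:
    """Identity derived from content: any byte change yields a different address."""
    return "sha256:" + hashlib.sha256(artifact).hexdigest()

def verify_artifact(artifact: bytes, address: str) -> bool:
    """Recompute the address on retrieval and compare in constant time."""
    return hmac.compare_digest(content_address(artifact), address)

def _entry_hash(prev_hash: str, record: dict) -> str:
    # Canonical JSON so the same record always hashes the same way.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

class Ledger:
    GENESIS = "0" * 64

    def __init__(self):
        self._entries = []  # each entry: {"prev", "record", "hash"}

    def append(self, record: dict) -> str:
        """Add a record bound to the hash of the entry before it."""
        prev = self._entries[-1]["hash"] if self._entries else self.GENESIS
        digest = _entry_hash(prev, record)
        self._entries.append({"prev": prev, "record": dict(record), "hash": digest})
        return digest

    def verify(self):
        """Return the index of the first broken entry, or None if the chain is intact."""
        prev = self.GENESIS
        for i, entry in enumerate(self._entries):
            if entry["prev"] != prev or _entry_hash(prev, entry["record"]) != entry["hash"]:
                return i
            prev = entry["hash"]
        return None
```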

Architecture principles

The FORMA architecture is built on principles that reflect the constraints of Material computation. These are not aspirational — they are structural requirements enforced by the system design.

No ungoverned execution paths

Every path from intent to execution passes through the governance engine. There are no backdoors, debug overrides, or admin bypasses for production workloads.

Certainty before execution

Compilation, Material Twin modeling, validation, and approval all occur before MFCore schedules a run. Runtime control is a fallback, not the primary mechanism.

Observable by default

Every API response includes OX attribution. Every execution produces signals. Every governance decision is recorded. Observability is not opt-in.

Agents within boundaries

AI agents operate under the same governance model as humans. The deterministic Governor ensures policy compliance regardless of what the intelligence layers propose.

Immutable provenance

Artifacts, run records, signals, and governance decisions are stored as immutable records. The system of record cannot be retroactively altered.

Independent scaling

Each service scales based on its own load profile. The compiler does not contend with the governance engine for resources. Pool management does not bottleneck signal processing.

Built for governed Material execution at scale.

The FORMA architecture separates control from execution, embeds governance at every layer, and produces full provenance chains from intent to outcome. Explore the execution model to understand how workloads move through the system.